[Samba] Samba-2.2.8a /LDAP can't join domain
Chris McKeever
cgmckeever at prupref.com
Sat Jul 12 03:49:58 GMT 2003
Join the club!
One thing I found is that if I don't have the master browser set up correctly
(domain logons = yes master browser = yes), then I get that message as well.
Are your logs showing anything?
> -----Original Message-----
> From: PHELPS, SCOTT [mailto:SPHELPS at ridgways.com]
> Sent: Friday, July 11, 2003 8:32 PM
> To: samba at lists.samba.org
> Subject: [Samba] Samba-2.2.8a /LDAP can't join domain
>
>
>
>
> -----Original Message-----
> From: Scott Phelps [mailto:sphelps at ridgways.com]
> Sent: Friday, July 11, 2003 9:19 PM
> To: 'samba at lists.samba.org'
> Subject: Samba-2.2.8a & LDAP - Can't join Domain - SID mapping error
>
> Hi everyone,
> I am at my wits end and am hoping one of you can help me out.
>
> I am getting the following error when attempting to join a
> Windows XP/2000 machine to the domain:
>
> "The following error occurred attempting to join the domain
> "MY_DOMAIN"
> No mapping between account names and security IDs was done."
>
> Running Gentoo Linux
> Samba 2.2.8a
> OpenLDAP 2.0.27
>
> I performed the following registry hacks:
> [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Netlogon\Parameters]
> "requirestrongkey"=dword:00000000
> "requiresignorseal"=dword:00000000
> [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Netlogon\Parameters]
> "requirestrongkey"=dword:00000000
> "requiresignorseal"=dword:00000000
> [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters]
> "requirestrongkey"=dword:00000000
> "requiresignorseal"=dword:00000000
>
> I am attempting to join the domain as root.
> root was added via smbpasswd -a root
> domain admin group = root was placed in my smb.conf
> I set up a fake root user this way in LDAP:
> dn: uid=root,ou=People,dc=virginiabeach,dc=net
> objectClass: top
> objectClass: account
> objectClass: posixAccount
> objectClass: shadowAccount
> objectClass: sambaAccount
> uidNumber: 0
> gidNumber: 0
> homeDirectory: /home/root
> loginShell: /bin/bash
> gecos: root
> shadowLastChange: 0
> shadowMax: 0
> shadowWarning: 0
> userPassword: {SSHA}GN3hrCs7c8Kgd93df23838hHH
> uid: root
> pwdLastSet: 1057974221
> logonTime: 0
> logoffTime: 2147483647
> kickoffTime: 2147483647
> pwdCanChange: 2147483647
> pwdMustChange: 2147483647
> displayName: root
> cn: root
> smbHome: \\MY_PDC\homes
> homeDrive: Z:
> scriptPath: logon.cmd
> profilePath: \\MT-PDC\profiles\root
> rid: 1000
> primaryGroupID: 1001
> lmPassword: 639C041927C79D99AAEJKHRJFHKRJKL
> ntPassword: 6E1766AB79DDFHGJDHFJJHBJFHBJRHR
> acctFlags: [UX ]
>
> The machine name is also in LDAP like this:
> dn: uid=MYMACHINE$,ou=Machine,dc=virginiabeach,dc=net
> objectClass: top
> objectClass: account
> objectClass: posixAccount
> objectClass: shadowAccount
> objectClass: sambaAccount
> uid: MYMACHINE$
> uidNumber: 11014
> gidNumber: 11014
> homeDirectory: /dev/null
> loginShell: /bin/false
> gecos: rid96itlaptop windows machine,,,
> userPassword: {crypt}x
> shadowLastChange: 0
> shadowMax: 0
> shadowWarning: 0
> pwdLastSet: 0
> logonTime: 0
> logoffTime: 2147483647
> kickoffTime: 2147483647
> pwdCanChange: 2147483647
> pwdMustChange: 2147483647
> displayName: MYMACHINE$
> acctFlags: [W]
> rid: 23028
> primaryGroupID: 23029
> homeDrive: U:
> smbHome:
> profilePath:
> scriptPath: logon.cmd
> lmPassword: xxx
> ntPassword: xxx
> cn: MYMACHINE$
>
> Everything else works, and I am able to log into Linux and a
> Samba share using a test user authenticating strictly via LDAP.
>
> Any help is greatly appreciated. Otherwise I will have no hair left!
>
> Thanks,
>
> -- Scott Phelps
>
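Added example, not part of the original thread: the registry changes quoted above set requiresignorseal and requirestrongkey to 0, so the client no longer requires a signed or sealed Netlogon secure channel or a strong session key. The audit below reads an exported .reg text and reports every Netlogon\Parameters key where either value is 0; the sample export is constructed from the values in the post, and the function names are hypothetical.

```python
import re

# Constructed sample modelled on the post. ControlSet002 is set to 1 here for
# contrast; the last key has both values fused on one line, as in the archive.
SAMPLE_REG = r'''
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Netlogon\Parameters]
"requirestrongkey"=dword:00000000
"requiresignorseal"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Netlogon\Parameters]
"requirestrongkey"=dword:00000001
"requiresignorseal"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters]
"requirestrongkey"=dword:00000000"requiresignorseal"=dword:00000000
'''

# Value names from the post; 0 means the client does not require the protection.
WATCHED = {"requiresignorseal", "requirestrongkey"}
KEY_RE = re.compile(r"^\[(.+)\]\s*$")
DWORD_RE = re.compile(r'"([^"]+)"=dword:([0-9a-fA-F]{8})')

def parse_reg(text):
    """Return {key_path: {value_name_lower: int}} for DWORD values."""
    keys, current = {}, None
    for line in text.splitlines():
        m = KEY_RE.match(line.strip())
        if m:
            current = keys.setdefault(m.group(1), {})
        elif current is not None:
            # findall copes with several values fused onto one line
            for name, hexval in DWORD_RE.findall(line):
                current[name.lower()] = int(hexval, 16)
    return keys

def weakened_netlogon(keys):
    """List (key_path, value_name) pairs where a watched value is 0."""
    hits = []
    for path, values in keys.items():
        if not path.lower().endswith(r"\services\netlogon\parameters"):
            continue
        hits += [(path, n) for n in sorted(WATCHED) if values.get(n) == 0]
    return hits

if __name__ == "__main__":
    for path, name in weakened_netlogon(parse_reg(SAMPLE_REG)):
        print(f"{name}=0 under {path}")
```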